Red Hat Bugzilla – Bug 166597
No way to set LDAP bind passwd without having it visible on the command line
Last modified: 2014-08-31 19:27:49 EDT
To set the LDAP bind passwd for samba (in secrets.tdb) you must use "smbpasswd
It would be nice if smbpasswd would prompt for the password if it wasn't
supplied on the command line
Rationale is that for the brief time that smbpasswd is running, the password is
visible to everyone via /prov/$pid/cmdline, which isn't ideal
This is a security issue. The smbpasswd program should support reading the
admin password from a prompt, and also support the -s option (read from stdin.)
Can the owner of this bug set the severity to secruity?
See also upstream bug: https://bugzilla.samba.org/show_bug.cgi?id=3356.
I think this is now fixed in the upstream SVN tree. See
It looks like Fedora has incorporated the upstream fix. I'm not sure exactly
when this was pulled in, but samba-common-3.0.23c-2 is good (see the new -W and
-s options.) I tried to close this bug, but I can't because I was not the reporter.